In the video above, TrevE from XDA, discovers that there is a serious security issue on a variety of HTC phones including the Thunderbolt. As you’ll see while watching, an unrooted HTC device running Sense (HTC’s custom skin) does an extremely poor job of hiding or protecting any of the important information that should be encrypted or at least locked tightly away somewhere deep in your phone.
There are couple of issues here that need to be pointed out. First, is the fact that even if you opt out of HTC’s feedback program during the setup of your phone, they are still tracking every single thing you do. And seriously, we are talking everything down to the last app you opened for 2 seconds. The second thing and probably scariest, is what you are seeing in the video – that all of the information that they are tracking along with others including IMEI/MEID, phone, networks you are on, etc. are all available to any app with the permission android.permission.INTERNET. So essentially, every app on your phone. Scary and insane, right?
Well here’s the good news if you can call it that. HTC is looking into it this very minute. They take security seriously and will hopefully issue an update that will patch this immediately.
Is the sky falling? No. Is this a ridiculous oversight by HTC’s part that is inexcusable? You betcha it is. Thanks to TrevE over at XDA though for posting this on Friday and reporting it 5 days prior to that, they are well aware of it. ”Do work” HTC, and patch this damn thing, so we can look to enjoy the Vigor when it comes out this month.
In the mean time, if you are frightened by this, you can root your device and install a ROM that does not include HTC’s Sense. Otherwise, I would suggest that you look through your app list to make sure you or anyone that has handled your device in a while hasn’t installed anything out of the ordinary.
Again, the world has not come to a screeching halt here. HTC will fix it. We’ll remind you again not to install shady apps from shady markets.